RH: Satellite: Remove SELinux context from config files

When you use RedHat Satellite combined with SELINUX ( permissive or enforcing )
it is needed to create SELinux Context information in a Configuration File.

Disabling SELinux on your RedHat clients will have a nice impact on your infrastructure as clients themselves do  not look at SELinux context anymore but the information is still a part of the configuration file in RH Satellite.

On a client yo will see a result like this :

# rhncfg-client verify | grep selinux
selinux /etc/nsswitch.conf
selinux /etc/ntp.conf
selinux /etc/openldap/ldap.conf
selinux /etc/pam.d/sshd
selinux /etc/pam.d/system-auth
selinux /etc/pam.d/system-auth-ac


So when you want to get rid of this there are 2 major options.

  1. Manually remove the SELinux Context entries in each configuration file in Sateliite.
  2. On each client retrieve all specified files from Satellite ( rhncfg-client get )


Luckily there is a solution as Satellite ( or Spacewalk ) provides an API to talk to 🙂

Here is a python script which removes SELinux Context from files, directories ans Symlink


[ SELinux Reset script ]